How to Create an Event Stream with AMP APIs

Available Languages

Download Options

  • PDF     (74.8 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (119.7 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (163.0 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:January 28, 2020
Document ID:215212

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the steps of how to configure an event stream in AMP (Advanced Malware Protection) for Endpoints with Postman tool.

    Contributed by Nancy Pérez, Yeraldin Sánchez, Cisco TAC Engineers.

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • Access to the Cisco AMP for Endpoints console
    • API credentials from the AMP portal: 3rd Party API Client ID and API key, on this link you can find the steps to obtain them: How to Generate an API Credential from the AMP Portal
    • An API handler, in this document, is used the Postman tool

    Components Used

    The information on this document is based on these software and hardware versions:

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Background Information

    Cisco does not support the Postman tool, if you have a question about it, please contact the Postman support.

    Configure

    Step 1. In the Postman home page, select Create a request in order to create a new event stream, as shown in the image.

    Step 2. Select POST and paste the URL needed to do the query, as shown in the image.

    To type your 3rd Party API Client ID and API Key, select Basic Authorization.

    Username= 3rd Party API Client ID

    Password= API Key

    Step 3. In the Body section, select form-data. KEY is filled with “name” word, VALUE is filled with the name of the event stream. Make sure that row is marked.

    Step 4. At this point, you can click on the Send button to receive your event stream.

    Note: Limit of 5 active resources across each organization

    Verify

    Use this section to confirm that your configuration works properly.

    Once the event stream is generated, you can verify it with the command GET https://api.amp.cisco.com/v1/event_streams which displays the number of event streams created on the organization, as shown in the image.

    In this section, you can find the event stream information as the ID, name and AMP credentials

    In order to obtain information about the active event stream you can use GET https://api.amp.cisco.com/v1/event_streams/"id"

    Troubleshoot

    There is currently no specific troubleshooting information available for this configuration.

    TAC Authored

    Contributed by Cisco Engineers

    • Nancy Perez
      Cisco TAC Engineer
    • Yeraldin Sanchez
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products